By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Both Trend Micro and McAfee have Netsky-B rated as a "medium" risk. Symantec has it a moderate risk. The worm seems to be strongest in Europe, but that may change as North American workers come online.

The best way to prevent getting clipped by Netsky-B is updating antivirus signatures. Using content filtering to catch the worm is difficult as it uses a variety of subject line and body messages. Subjects could include "hello" or "read it immediately." The body of the message could say "anything ok" or "is that true?"

The worm can arrive featuring a double extension such as .rtf.pif. It may also be a .zip file, which may be problematic as many businesses allow such files in as they are commonly used in business.

When executed, the worm displays a bogus error message: "The file could not be opened!" It then copies itself to the Windows directory folder as services.exe. Netsky-B also adds a registry key so it starts when the system is started.

Netsky-B can also spread via shared drives. It searches for folder names containing "Share" or "Sharing" and then copies itself to those folders, according to Symantec. The worm copies itself using a variety of tempting sounding names such as "programming basics.doc.exe," "cool screensaver.scr" or "winxp_crack.exe."

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy